The California Consumer Privacy Act: 5 Steps Mobile App Developers Should Be Taking Now
The California Consumer Privacy Act (CCPA) is already in effect, and beginning July 1, 2020, the California Attorney General will begin to enforce it. This law impacts all businesses with an online presence in California. Though confusing to many, the new law is not going away and cannot be ignored. For developers of mobile apps, there are a few basic requirements that should be part of the early stages of your compliance plan.
- Identify the categories of personal information collected in the last 12 months, the sources from which they were collected, and how they are used and shared;
- Notify consumers of and provide instructions on how to exercise their rights to know and delete;
- Tell consumers whether their information is “sold” as that term is broadly defined in the CCPA and, if so, what their rights are to opt-in or opt-out of the sale;
- Notify consumers that they cannot be discriminated against for exercising their rights; and
- Include a “last updated” date and contact information for consumers to ask you questions or voice concerns.
Fourth, if you collect personal information for purposes consumers would not reasonably expect, you must provide consumers a just-in-time notice, usually in the form of a pop-up within the app. For example, if you operate a flashlight app that collects geolocation data, you must provide your consumers with a pop-up notice, alerting them to that unexpected collection of data.
Fifth, if you share consumers personal information with other companies, at the very least, you must take the steps to determine whether that sharing falls within the CCPA’s broad definition of “sale.” In many cases, it will. This is critically important because the “sale” of consumers’ personal information triggers opt-in and opt-out requirements.
These five steps will help you begin down the path of CCPA compliance. However, the law is complicated and goes beyond these basic requirements. If you do not have the internal resources (and, even if you do), it is a good idea to consult a professional.
• • •
Have more questions about CCPA compliance? Feel free to reach out to us through our Contact page to learn more about our program. Be sure to follow us on Twitter and LinkedIn for more privacy-related updates.CC